Friday, February 26, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home GRC Vendor News

New Report Finds Compliance Regulations Are Driving Boards to Make Cybersecurity the Top Priority

by Corporate Compliance Insights
September 28, 2016
in GRC Vendor News
New Report Finds Compliance Regulations Are Driving Boards to Make Cybersecurity the Top Priority

Third study in series finds support for, but struggles with, increasing regulations and demand for adding more board security expertise

September 28, 2016 (San Francisco) — Bay Dynamics®, a leader in cyber risk analytics, unveiled today the third in a series of reports, all of which examine how boards of directors and IT security professionals prioritize, communicate and reduce cyber risk.  The report, titled, “What’s Driving Boards of Directors to Make Cyber Security a Top Priority?” uncovers the specific drivers behind why boards of directors are making cybersecurity a top priority and the challenges they face in reducing cyber risk. In particular, the report found that 46 percent of board members believe compliance regulations help establish stronger security, but nearly 60 percent struggle with meeting increased mandates — a nearly 20 percent jump over the past two years.

The report is based on a nationwide survey, conducted by the third-party research firm Osterman Research, that interviewed 126 board members who are actively serving on boards of enterprises and receive reports about companies’ cybersecurity programs. Some of the additional findings include:

  • Chasm Between Intent and Execution — Nearly half of the board members surveyed believe that regulations are “very” sufficient in helping to protect corporate data assets.  However, as regulations increase, a growing proportion of companies struggle to satisfy their cybersecurity mandates.  Nearly 60 percent expressed that mandates are “somewhat” or “very” difficult to satisfy — a number that has increased by almost 20 percent from 2014 to 2016.
  • Knowledge is Power — Three out of five board members believe that one or more of their fellow board members should be a CISO or some other type of cybersecurity expert. The previous survey, “How Boards of Directors Really Feel about Cyber Security Reports,” revealed that more than half of the board members felt they were at a disadvantage as security reporting is too technical.  With only one in six board members claiming substantial expertise in understanding the nuances and implications of cybersecurity issues, that power deficiency is driving a 60 percent belief that one or more board members should be a CISO or some other type of cybersecurity expert.
  • The Drive to Comply — The previous survey also found that cybersecurity has become the top priority in the boardroom, surpassing other operational risks. This current survey reveals the number one driver of board members making cybersecurity a top priority is complying with regulatory requirements. In the past two years, there has been an 11-fold increase in the number of organizations citing increased regulation from the government as a driver and a similarly dramatic increase from industry bodies. Close behind, with a 10-fold increase, were fears of lawsuits and regulatory penalties. Shockingly, these factors drove more reaction and action than the experience of a breach at their own company.

This report complements two previously released reports in 2016.  In addition to “How Boards of Directors Really Feel about Cyber Security Reports,” Bay Dynamics and Osterman Research also published “Reporting to the Board: Where CISOs and The Board are Missing the Mark,” which is based on a survey asking IT and security executives about the challenges they face communicating cyber risk issues to the board.

“This series of reports demonstrates a positive shift in how boards of directors are prioritizing and approaching cyber risk issues,” said Ryan Stolte, co-founder and Chief Technology Officer at Bay Dynamics. “It is clear that boards understand that they are responsible for setting the cyber risk appetite of an organization. This current report shows that board members want to understand and be actively involved in the cyber risk reduction process. That includes making decisions that drive continuous compliance and going a step further by adding a board member with cyber-specific expertise who speaks the same language as the trusted security executives advising them.”

“The survey reveals that boards of directors in larger companies are taking cybersecurity and cyber risk much more seriously than they were just two years ago,” said Michael Osterman, Principal Analyst with Osterman Research. “Board members are increasingly recognizing the critical importance of becoming better educated about cyber-related issues and relying on trusted advisors that can increase their expertise on critical cybersecurity and cyber risk issues.”

Report Series:

  • What’s Driving Boards of Directors to Make Cyber Security a Top Priority, September 2016
  • How Boards of Directors Really Feel about Cyber Security Reports, June 2016
  • Reporting to the Board: Where CISOs and the Board are Missing the Mark, Feb 2016

About Bay Dynamics

Bay Dynamics® is a cyber risk management company that helps enterprises measure, communicate and reduce cyber risk. The company’s flagship analytics software, Risk Fabric®, automates the process of analyzing security information so that it’s traceable, trustworthy and prioritized. The platform makes cyber risk everyone’s business – from employees to line-of-business application owners to the board – and actively engages all parties in measurably reducing it. Bay Dynamics enables some of the world’s largest organizations to understand the state of their cybersecurity posture, including contextual awareness of what their insiders, vendors and bad actors are doing, which is key to effective cyber risk management. For more information, please visit www.baydynamics.com.

Follow Bay Dynamics on Twitter at www.twitter.com/BAYDYNAMICS, on LinkedIn at www.linkedin.com/company/bay-dynamics/ and on Facebook at www.facebook.com/bay.dynamics.

Bay Dynamics and Risk Fabric are registered trademarks of Bay Dynamics, Inc.  Other trademarks mentioned are the property of their respective owners.


Previous Post

AppZen Launches ReceiptIQ™

Next Post

PDVSA at the Center of International Anti-Corruption Efforts

Corporate Compliance Insights

Related Posts

red paper plane breaking rank from white paper planes

Diligent to Become Largest Global GRC SaaS Company Through Galvanize Acquisition

February 24, 2021
gold cup award on red background with stars

Ethisphere Announces the 2021 World’s Most Ethical Companies

February 23, 2021
hands fitting puzzle pieces together on yellow background

LexisNexis® Risk Solutions and Accuity Join Operations

February 18, 2021
concept next generation technology

NICE Launches Next-Gen Compliance Solution

February 1, 2021
Next Post
Multinational coalition targets corruption in Venezuela

PDVSA at the Center of International Anti-Corruption Efforts

Access realtime data
Addressing systemic racism in the workplace SAI Global
Dynamic Risk Assessments with Workiva
Top 10 Risk and Compliance Trends

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security KYC/know your customer machine learning monitoring ransomware regtech reputation risk risk assessment Sanctions SEC social media risk supply chain technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights